Toward situational awareness in threat detection. A survey

Bibliographic details
Published in: WIREs. Forensic science 2022-07, Vol.4 (4), p.e1448-n/a
Main authors: Rendall, Kieran, Mylonas, Alexios, Vidalis, Stilianos
Format: Article
Language: eng
Online access: Full text
Description
Summary: The pervasiveness of the Internet did not come without security risk. The current threat landscape is characterized by the rise of sophisticated cyber attacks, which target user devices and corporate infrastructure. To tackle the risk of compromise, data‐driven detection strategies have become increasingly mainstream. The relevant literature includes many works that leverage open‐source datasets, supervised learning or, less commonly, unsupervised learning. However, advanced network attacks' spatial and temporal characteristics prove standalone threat detection systems inadequate, especially for detecting a multi‐stage attack and often stealthy techniques. Moreover, attackers have been demonstrating adversarial effects that are caused by deception and contaminating data‐driven methods with adversarial learning. For these reasons, recent research in threat detection is moving away from commonly, and often obsolete, datasets as well as adopting more multi‐layered decision strategies. As such, this article provides a comprehensive review of decision strategies. We also examine their ability to support cyber situational awareness (CSA), providing to security analysts CSA properties such as situation assessment and system refinement. This article is categorized under: Digital and Multimedia Science > Cyber Threat Intelligence Graphical shows the radial cycle of processes to achieve CSA in threat detection.
ISSN:2573-9468
DOI:10.1002/wfs2.1448